Project Management

In almost every company, a defined hierarchy, job descriptions and an organizational chart define who is in charge of a certain issue. Nevertheless, most employees will recall situations in which teams without a predefined leader had to collaborate. Being able to navigate these settings effectively is extremely helpful for the information security professional. More often than not, different departments and heterogeneous groups have to work together to improve the security posture of a corporation. An open mind, real interest in the ideas of colleagues, and a reasonable distribution of responsibilities and tasks are needed. Well-known principles in information security are actually quite well suited for these circumstances.

Successfully managing information technology (IT) projects is a complex endeavor. Project management frameworks might seem overreaching or incompatible with some of the characteristics common to small organizations, like multi-function employees and smaller budgets.

A large (Fortune 100) company decided to improve its corporate "security visibility." Through this effort they intended to move from simply meeting regulatory and compliance requirements toward a more mature model capable of focusing on specific areas of risk.

Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact webmaster@sans.org.

All papers are copyrighted. No re-posting or distribution of papers is permitted.